CVE-2014-6617
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
09/03/2018
Last modified:
09/10/2018
Description
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:industrial.softing:fg-100_pb_profibus_firmware:fg-x00-pb_v2.02.0.00:*:*:*:*:*:*:* | ||
cpe:2.3:h:industrial.softing:fg-100_pb_profibus:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html
- http://www.securityfocus.com/archive/1/533902/100/0/threaded
- http://www.securityfocus.com/bid/70927
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98512
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt